On Monday, a group of hackers calling themselves the Shadow Brokers put up for sale a number of cyber-espionage tools reportedly stolen from the NSA-associated hacking outfit the Equation Group. Edward Snowden has already publicly speculated that the intrusion and theft were actually just another salvo in the ongoing Digital Cold War between the US and Russia. However, nobody was 100 percent certain that the tools for sale really were NSA property. Now, Snowden has released documentation to The Intercept that suggests the tools really are what the Shadow Brokers say they are.
Specifically, Snowden has released a classified Top Secret agency manual for implanting malware. That manual instructs agents to track their malware deployments using the character string “ace02468bdf13579”, which, as it happens, appears in 14 places throughout the code of SECONDDATE, a program that the Shadow Brokers leaked. SECONDDATE is a tool used to infiltrate and monitor network activity using an exploit against vulnerable network routers, allowing the NSA to run “man in the middle attacks” against targeted computers. It reportedly even works against encrypted wireless signals.
The danger here isn’t just that the monitoring tool is publicly available, which puts any user with a vulnerable router at risk; there’s also the issue that the Shadow Brokers were successful in the first place. The fact that they were able to covertly breach a supposedly secure NSA staging server and abscond with dozens of the agency’s prized hacking tools, without being immediately caught, must mean that the group (and whoever is bankrolling them) possesses exploits that the US cannot currently defend against.
There are serious political and diplomatic implications as well. As Snowden argued earlier this week, the entire hack reeked of state sponsorship. It could very well be interpreted as a warning shot from Russia. Should the US dig too deep or rattle its saber too loudly over the DNC leak, the Russians would be able to show that America is just as guilty of cyber-spying, perhaps even against its own allies. While nobody has been able to conclusively prove that Russia is behind the attack, both its timing and its target remain highly suspect.